Re: [Evolution] GPG support

[guenther <guenther rudersport de>]

Replying on-list as well, since this doesn't seem to be private mail.
Please reply to list or reply to all.


On Sun, 2006-02-19 at 12:24 +0100, Erik Slagter wrote:
> On Fri, 2006-02-17 at 19:36 +0100, guenther wrote:
>
> > Anyway, to automate this process (importing of unknown keys), edit your
> > GPG options in ~/.gnupg/options or ~/.gnupg/gpg.conf and let GPG itself
> > care about this. :)  Just add these settings:
>
> > keyserver your.preferred.keyserver.net
> > keyserver-options auto-key-retrieve
>
> > Works like a charm for me. :)  HTH
>
> Works indeed, but keeps the sender "untrusted" (yellow button) :-(

Sure.

All this does is fetching the keys, so GPG at least can decide, if the
signature is correct. (Remember, it is GPG rather than Evo fetching the
keys.)

Simply having a key does not imply any trust. And it must not.
Developing a web of trust and trusting your correspondents is a
different, sensitive and crucial step. It is important, that a user does
this right and assures oneself of the identity, before signing. That's
why a button "sign this key" in a mailer is out of place, IMHO.

Again, all Evo displays is what GPG tells. Developing the web of trust
is GPGs duty. Verifying a key is GPGs duty. The only funky addition by
Evo is visibly highlighting different states by different colors.

...guenther


-- 
char *t="\10pse\0r\0dtu\0  ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}